package cn.itcast.web.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class MyPermissionsFilter extends AuthorizationFilter {

 /**
  * 判断是否具有某种权限
  */
 protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValues) throws Exception {
  //获取配置的filter参数，数据转型获取数组
  String[] perms = (String[]) mappedValues;
  //获取subject
  Subject subject = getSubject(servletRequest, servletResponse);
  //循环判断权限，满足其一即可返回true
  if (perms != null && perms.length > 0) {
   for (String perm : perms) {
    //判断权限
    if (subject.isPermitted(perm)) {
     return true;
    }
   }
   return false;
  } else {
   return true;
  }
 }
}
